tv Key Capitol Hill Hearings CSPAN July 28, 2016 6:57am-8:58am EDT
will notice enemies to tell everybody else. what we do at the department of homeland security is look at the cybergiven how we make technology more enjoyable. how we can keep things like consumer elect john x, look at the explosion on the internet of things is a good thing because going forward we have to protect technology. i will say privacy is make a ton of money. they make better things for us the world so that our infrastructure self-healing. i brought in the homeland security and when he came in to hope the connected ecosystem work with the routing system. when you send traffic or machine to machine. if one is unavailable or not working, there is protocol to
everybody of that but nothing stops and that is how we have to work in cybersecurity. they make jokes to get my going party about what we're doing when i announced i was going to government. i want him to the finest team on the bayonet. i've 2000 of the finest scientists have ever known. i oversee the cybersecurity operation said the incident was him, the ability to rip apart my wire, the work in, the working partnership in outreach and education and training and all of the operations side. we work hand-in-hand with folks not in the light horsemen partners, u.s. secrets surface, which is part of the homeland security investigation. part of immigration customs enforcement and certainly our brothers and sisters in the fbi allegiance community. we need more people. i need to grow that team. part of the challenge has been
immensely look at its top priority to my boss, undersecretary baldy and her boss, secretary johnson. at the top priority to president obama doesn't put this in the cybersecurity national action plans. we are looking up what can we do as the department to make not only attracting votes to our department is here, but how to actually bring them on. when i first came in, and i looked at what are the things on our team that are amazing and great and i'm still making that list. incredible group. when i go out, less often than it used to be, but people didn't know what the department dating cybersecurity. number two, they had no idea how to get into government. we are trying to make that easier. one is get out and talk about what we do. we are the folks that got on airplanes it might seem into the ukraine when a quarter -- many thanks to those folks.
how do we make sure that people know what we do so if they think about government they can think about working for the department or other parts of our government. number two, how do we make it easier? i gave a keynote to five people -- somebody raised her hand and it are you trying to steal our people. i laughed and i said you pay them four times that i can write now. i do want to, but we'll talk about that in a few minutes. we don't want to steal. we want to create a new trend, where a career in millennial set the preferred way for my grandfather worked for one company for 50 years and got a watch when he retired. the new careers to several different tours of duty in several different places and we hope some of that will be in government. the skills you create and the skills that you bring back to the air.
we spent a lot of time with our outreach folks. one of our top experts on how we communicate with folks and how we work with the price. we really want to get at 2047 response and mitigation, high energy that this not yesterday's government. we have people that are the best in the business that are constantly learning. they see a few things you'd never see anywhere else. how do we attract people with the salary differential. number one, the machine can usually draw. i would have to say this is the best six years i've ever had. you get to see you do things in effect change and do positive change in ways you'd never imagine. one of the first things when i came into government as they started to show me things, how much government does for somebody like me never have to know about it. the department itself is looking at several different things. one is to streamline the hiring process. there are things we can't
control. how long it takes to get clearance for go through the other vetting processes it but there are things we can control. the department of homeland security asked the secrets service or tsa, who you all know from the airport, feedback, but management run for us, the financials and the way her department runs. many important functions and they say what are the processes of hiring that we can make faster for you. for example, if there is a long? , moving somebody that is not going to advance to make you very quickly, finding ways to move those people forward. tracking people. i made a couple key hires when i came in and i believe it or not, both of those people were already in government. i called the never couple weeks to make sure they knew we was so interested. in another process takes a long time in the clearing i've come
than making sure we get some customer service, just like h.r. and a company would do. reaching out to people and making it a lot faster, streamline processes and automated processes. the sanctity jail, temporary job offer today and tomorrow. we are having a big jobs hiring tomorrow. we will hire people on site. assuming i pass all the backgrounds and clearances, we can bring them in. we also look at ways to save for your first few weeks on the job when you may not be the clearance, can reduce some kind current processing and figure out where the office is. can we do something so we can make cheap -- make each process move faster and bring people in. as a look at the transformation, a word reassert change in the national protection of programs directorate in one key way, making sure that our teams that focus on the cyberresponse and teams that focus on the physical response in a boat there
efficient response in the field. combining the cyber-- i know there was a report looking at a response such as ukraine, you need to understand how to keep both sides of the grad and you also need to focus and understand the protocol to figure out if one of the monitoring systems by ron and make sure we can bring our cyberand real-world systems together in a more efficient way. as we do that, we hope to attract people to say yes, that is some unit what to do. i see an application for cybersecurity beyond the purely technical that i hear about in the news. i see where cybersecurity goes into my actual way of life. looking at how the findings of this report will help with implementing government how we do hiring, how we talk to people. i recall one graph that shows how people focusing care more about promotion and training. how do we show people their career path? one of the things inside
deliberately hired executives to work for me at our technical because i discovered that my top skilled people respected that more detonators that are technical. in order to create a career path, we have to focus on showing the top skilled people, cyberninja. there is a career path that doesn't require you to decide that going to management and leadership. we should never have to make the choice. do what you do best and going to leadership that you can meet others. we are looking on focusing areas of cybersecurity comes an income education program, dynamics of actual environment and anything that can eliminate harassing employees how to make government not only a more attractive place to go, but again an easier place to understand how to come into. our federal workforce, we look at the programs. rodney petersen is running a
nice program, looks at training. you can look at current cyberprofessionals looking to enter the cyberfield. people with an i.t. background i want to get certification in federal, state, local peer in helping some of the veterans programs know how to target their folks in the cybersecurity as well. physically program within the homeland security investigation that teaches them will get that cybersecurity. i got to meet some of the graduating class and i came in 20 teen and these are amazing, smart people. we're trying to bring in more and more of the mind share. we are currently recruiting. you all know u.s.a. jobs.gov. it's a little bit of a faster and more direct way to meet people on site today. it made a lot of folks doing hiring and they could get temporary job offers for folks to come in today. we have a cybersecurity
internship program. a lot of high school statement showing the operations center that we found ways to bring students in. you can imagine what it might be like to clear up a 3018-year-olds into a classified operating center. i credit my team without one. enabling folks and young women that have taken a host number. and they are not nerds, they are like candidates. they are cool. they want to do some paint that does good egg in a highly technical it really smart. how do we show them the world in the way they've never seen before. the secretary of commerce program is a very competitive program and we do a lot of work in helping people on career path to aim at every different of your career. what do you want to do, what you want to focus on and how you aimed towards someone at ses. we do a lot of mentoring with employers and employees in how we help them get to those three places.
one of the first times i realized how much people light up when they don't see what's going on in the inside and all the sudden they do is write after a brief journey secretary in the winter of 2013. after he got the briefing on my vision and our vision and where we go with cybersecurity, ready to go to school? i said georgia tech. one of the staff members had told me he didn't like power points. we didn't have a lot of choices to get markers and paper. i didn't know at that time that he does like powerpoint. he thought it was utterly ridiculous that his highest tech people were writing a magic marker. but he said i want to go down there. i want to see where you came from. he planned a day where he gave a big speech at his alma mater in atlanta. they welcome the new president and we visited those schools. i schools. it must attack to 100 students,
was able to bring in our cabinet secretary who enjoyed every moment i've seen the research project, meeting the studentscome asking me about the google class that one gentleman was warning. i did a lot of explaining in the car on the way back. but it was a good time also to watch the students say this really goes on in government and government came here and these people pretty much came and just wanted to talk to us and see what we do and hang out. the students have a very good time. that's when i realized we need to find a way to attract these people. all the students i met with were very interested in coming to see how we can be part of their research path forward. at that point i didn't have an answer of how we would bring that in. we have a much, much better answer in the report will help us figure out how to build a bridge between government and private sector.
two weeks ago when we actually fill a discussion about hiring an workforce and why i came here and why he can't government. it really does remind me of his commitment and my boss' commitment to making sure that we get the absolute best and brightest. we do some amazing work. there is nothing my team can do. there's no adversary they can't figure out. i want to get the best in the very, very brightest. we will make your job a lot of fun. that goes into a special program that my boss worked on with intel. her thought in his thought was what can we do for a joint program between private sector and government that enables people to get the financial benefit of working in the private sector, innovate, build dixie and understand the importance of building and shaping the market. how do we also let them have
government and see things they've never seen before. beat in our shop fixtures skills the sharpest and trade see that you don't need to sleep. that's overrated. you'll constantly run and be excited and come out. how can we get those skills and let them transfer those with a tour of duty in government have a tour of duty of private sector and go back and forth with a couple good options. one if they figure out how to pay for the education for the service to government. we will figure out a way to help them in a career path that's career path that commensurate indicted by the government and the private sector. we would note on success of the program. we have a lot of good result from scholarship for service that we found at the national science foundation. i speak about almost every year. there must be a thousand students that come to the dinner. i know their interest you.
they have always come to us and set us and that although one said ths comeback to us. we want to build on the success of that. can you build programs that go between the government and private sector. our management director called this a passport. he might not have to go through all the bedding again. he just got in and out. how do we have a new way, a new career path that is high-impact, highly promotional and enables people if we do it right they will make the most money when the kids go to college so it's not a financial issue, but you see the best of industry, best of government and the best of both to reach world. one of the things we are doing and said ths that can transfer your as we find a way with authorities by the hilty is direct hire. we can hire you without going through the process.
we have cyberpad or incentive pay. the people who meet certain criteria got more money. we've been giving out bonuses to make sure they feel they have a career path. a great way to show appreciation when we have coffee and cookies in the office is because somebody bought them personally. we have no real way to show appreciation, but we can do this with our cyberpay. very good result from our own perspective as well. i'm excited about what they are putting together. the trend breaking cover groundbreaking where you change a career. you create more people like candice and you also give them government. send private tour experience and let them breed both to each. that will create along with more diversity, if you look at our adversary, it's global. that is a diverse adversary. we address that with one
demographic, one gender, we are at a disadvantage. i like to make my teams as diverse as possible. if they focus on not, we will cause a lot of pain to a very large adversary. thank you very much to jim at csis and all who wrote this great report. [applause] >> canvasses cool. i was talking to her before the event. before phyllis sits down, and the average lifespan of a political appointee in the federal government, 18 month means half of them will leave after 18 months. how long have you been there? [inaudible] three years. you are doing double the average. it's a tremendous sacrifice, especially for someone like phyllis. let's give her another round of
applause. [applause] >> thank you. i work with great people. it is truly enjoyable. >> yes, it's a difficult job and it's a lot of sacrifice. thank you. can this -- candice, do you want to come out? >> thank you for coming today. i know you're all very busy. i want to thank phyllis. she and i worked closely together when she was with mcafee and having known her skills and capabilities, i want to say i am thrilled to death shoes in public service and she's involved in cybersecurity at a federal level. frank lee, i sleep better at night knowing that because i have incredible at duration for her abilities that you should all be thankful she's taken this role in helping us keep this country safe. i also want to thank csis for the great work they've done with
us. they've been a longtime collaboration with us. there worked on a number of reports. the latest around the town of rap is extremely important and relevant to where we are at. there's been a lot of talk for the last couple years around to me have a talent shortage. part of why we decided to do this report is to kind of put that question to bad. many of the customers that we work with, many of the agencies we work with feel that there is a talent shortage because they have difficulty filling the roles we have both been. we decided we really wanted to put an exclamation point at the end of that sentence and say there is absolutely a talent shortage. 82% of the respondents concur they have an extremely difficult time filling the roles of the organization and to have a cybersecurity talent gap and get the right folks into the organization.
there's some fairly significant implications to that. when you have open wraps, positions that are not told in a cybersecurity organization, in all probability either of the people you have an staff are four hours a day, which means they burn out or they are probably not quite as alert the next morning as they might at that had they gotten a good nights sleep, but also things are not getting done. when you have open positions, you are probably going to look at the things that are least critical. not that they are not critical. these critical. those are the things traded off. you can't ignore an incident that occurred. you can't ignore potential breach that you suspect may have occurred. but you might delay the patching of the operating system. delaying a patch is an incredible gift to the hacking
community. it is one of the primary ways they actually used to get into an organization and penetrate the ecosystem of that network. the talent shortage is in fact putting organizations and companies at greater risk. in the survey we had 71% of the respondents felt that their inability to get the right talent ensign talent to fill their roles is in fact increasing their security risk as an organization. many reported loss of data is one of the potential risks any kind of security at also has reputation implications either free agency or corporation. that gets into the price, get to their customers that the na breach. i have a lack of trust in the organization from a security. there are significant implications when you are unable to have it all staff doing everything from what i call the janitorial security patching, a
david mack, upgrading applications to a later version all the way to responding to critical incidents, making sure your network is said and trained as impenetrable as possible. there's serious implications to this. i personally thought one of the most interesting things was 50% required technical degree. having been in this industry for 16 years pathetic technical agree, i am not a rather interesting statistic. i had good and long career in the industry does it the fact i didn't get a computer science degree. i have a management degree with a minor behavioral science. the psychology degree is much better than that is mr. greatness in this area. there's a lot of psychology when it comes to hacking and penetrating organizations. i think with that degree, i noted what companies were saying is although they want the
technical degree, they had two or three things more important to them. one was real-world ex areas. the other was professional certification and the third was things like hacking competition. although most of them required the third priority for them in terms of looking at a candidate to determine whether or not they were the best candidate for the job. things that are fashionable experience, hacking competitions actually ranks more important. kind of an interesting dichotomy. if you don't have experience or hacking competitions or professional certificate, and maybe you fall further down on my recruitment lists. kind of an interesting statistic that came out of the survey. especially given that we are in washington d.c. at many of you are all with government and agencies, there is on its also
thought universally across the globe that governments could be doing more. they were not doing enough to help build the cybersecurity talent tunnel. that governments could play a more overall. and health security, to feel at this point has been very proactive in terms of trying to work in partnership with governments as well as some of our customers and other vendors in the industry to try to figure out how do we solve this problem and build the security pipeline. we work with a number of universities, some of the government agencies in putting together programs will help to drive that pipeline development. we are also doing things at a very young age. we have a program where we have a set of materials that are employees can volunteer to use. go out to their local schools and teach, and security to elementary students, junior high students and high school students.
i've not had -- oftentimes they are as educated nonsecurity and computers as most of the folks in our organization. but the elementary school in junior high, getting them aware that cyberis an issue in vietnam minus initiate any two because turned about to plant it in their mind that computers are more than a gaming console. they are more than social chat. their there are implications to be an online and hopefully planning does so when they get to high school and college we can have a discussion about cybersecurity as a career. i spoke with a group of women and yorks polytech nick institute a year or so ago and they're trying to get more women into their cybersecurity program. this is a career where you don't just go to work every day, but you get to go to work and be a hero and warrior and caretaker and teacher. this is a career where you play
a number of personas because the industry itself in our ability to respond mandate that. when a major incident happens coming of a customer on the phone but did not die because their personal careers at risk. your turn into a caretaker pretty darn quickly. this is an industry where as we talk to you folks about it through the space, there is an opportunity to create those personas in their mind that make you feel like it not just about adding a keyboard. i think we have an incredible opportunity as an industry and partner with government, and partner with our comrades in the security space and with private industry to work on solutions to build the talent pipeline. i'm extremely excited about working on this program and helping drive the initiative forward. hopefully you will enjoy this report. hopefully you'll find it useful. thank you area much for coming
today. [applause] >> so, we have time for a few questions. i think we have microphones in the back. if you have a question, hold up your hand. i will start by saying -- i have two questions actually. the first question, and it's for both of you. you have a microphone. you have to come up. have you seen the workforce change in the time -- [inaudible] what is different now than it was when you both came in a few years ago? >> i will say, i kind of forgot. [inaudible] so i've worked with astronomy majors, geography majors, anthropology majors who were coders --
[inaudible] incredibly talented, committed, passionate people who had created a hobby of a computer program and they turned that into a career. i think that over time, as i think the reports kind of indicated, the whole degree in computer science became more important because those are people in the very early in my time. now i say about back five or 10 years ago, having a degree has become such a critical part of hiring someone. i think that maybe it overshadowed all of the great talent that is out there that has gained their skill sets through alternate means. so i think there has been an evolution of that. certainly there has been an abolition of the attacker. if i think about the attacker when i first started, there were script kiddies, the term for them way back then. 18-year-olds in their basement trying to get their piece of now
where in the front page of the newspapers somewhere. the adversary has changed dramatically. we are talking organized hakki. our adversarial sides of the were offended as we are, as educated, as organized as we are. that means that the talent pool has to be capable of thinking in a way that our adversaries think. that is where the gaming comes in. think about the gaming angle. i watched kids. kids, my husband and my brother, gaming. [laughter] it takes massive to do everything, the ability to see multiple things going on at the same time and determine which are the most important to take action on. we joke about gaming, yet when you think about what it takes to play those games, it is
incredibly difficult. multitasking, deductive reasoning, very quick in making decisions. when you think about what you have to do to be in a cybersecurity career or field, a lot of skill sets applied. i think it is an untapped talent pool that we've got to be encouraging the kids who left the game to consider. >> gaming, i haven't thought about that. >> when i started this, i grew up in technology. [inaudible] i grew up around the wiki light and to me this is where the cool factor was. ..
i brought him a summit this would be awesome as it was or a different thing. he was incredible and he stole the stage because he said we want, we need to work with you. i'm here to partner and we are bringing in a hacker in residence. that doesn't mean some is good hardcover. someone from the crowd and the team with those amazing skills opening the doors what has been perceived as government and for whatever people think, this is another team of people of a different mission at have access to different things but we want and need to work with you.
there's a whole spectrum of skills we need. i tell people, the commencement speech at john johns hopkins, it agree of highly technical skills. you can come up and build the next great widget. please learn to communicate. i learned a lot of this from tom when us back at company budget to learn to speak non-klingon. you may understand how that construction was stolen another malware works and all the cool work but nobody else among the decision-makers to whom you explain this does. so when you find yourself as i sitting in the situation room in the back making sure you're there so your principle is at the undersecretary or th the dey as what they need or you find us of any meeting where you are the person, you have to convey what happened in the normal language. the second still i think you need is to understand how to build teams. you can be the smartest inability they can't work with everybody we could o have the bt workforce, if they can all work
together in some way it's not going to work. the gaming skills and people skills need to come together with the hard-core tech. >> just a footnote. australia's survey form as a space where you can fill in your essay group and allows you to fill in whatever you want. 25,000 australians build in they were klingon. so there is a market, not in the u.s., but maybe building on something that was said i was thinking about. i was on a panel at the naval academy and two admirals and a general. they were all women. i got to talk to the head of the 10th fleet which is maybe cyber command, she's a three-star admiral. when you think about dhs, the two top leaders are phyllis and assistant. the workplace looks really different but you can tell some
sort of a long-term perspective what's it like for women now? how was it changed? how to get more women into the workforce? that's a tough one. >> my philosophy on that is that i want to be hired because on the best person for the job and i want to hire people that are best people for the job. i don't care if they are female or klingon, right? the fact that this industry has afforded me an incredible career, i'm very grateful for that. it is been an amazing company to work for. i started as a project manager for the antivirus project and ended up running one of the largest businesses. high-tech in general and security specifically has been incredibly good to me. i don't think it was good to me because i was a woman. it was good because i was capable, because i met my commitment. when i talk to young women i say like, focus on doing the best job that you can, being
excellent the whatever you aspire to be, and you will move forward in your career. if you work for an organization or a company where that doesn't happen, leave. there are thousands of other companies that would be thrilled to have you if your excellent at what you do. still to this day i am often maybe the only woman in a room or the only, one of two women in a room. who cares? like i am for gm in the room, a vp, a product manager in the room and i want them to see me in that role, just like i see them in that role. i think being a woman in this industry, it's a great industry because oftentimes i have worked for companies who didn't see that as an issue let alone kind of see it. i'm very okay with it. i want to be seen as what i do
and how good i am at it. i think as long as you focus on that, i think there are very few places in the world where you will not do well. >> thank you. >> once again i agree with candace. utah high school girls, they are the best the with e. do for them to cross that katherine if you will -- tavern. it's not well my friend are doing. i think society is changing traditionatraditions are changi. for me i have a little niece, a couple but one is to have and she hasn't gotten to cyber quite yet but the other one wants to be a fireman with a, a doctor the next day. she has no limits and i think that cultures change on its own. they don't see any boundaries. >> when you do talk to young women like that, so if you're
the only woman in the room and you're definitely the best woman in the room, and oftentimes you can be the best in the room regardless of how many women or men are there. you are generally more motivated to prove your ability as a result of being the only woman there. you often feel like you've got to work harder and be better so that people recognize that your outstanding in your job. for a young woman to go like wow, i can be the best and i can stand out because i may be the only one like me, that's a great selling tool. in high school you want to be like everybody else. but as you get past that and into college and in your career, that can be pretty awesome spirit this is just like sports. many years ago there wasn't a girls volleyball team for girls softball team. i was just of industry change a few years ago in the light of the bathroom at rsa business long for us as for the guys.
but look we want the best and the brightest. i don't care if that's a tropical fit. we want to see what you can do, how you built into the team, what you can bring, how you can use your skills. i think the focus on women has been obvious culturally. when i've gone overseas, in many cases the women are in the back taking notes and would be my boss and me at the table and people would look like what you doing? you get over it. i think it's fun. you steer them in the eye and you compete. you work than reading and you produce. that's the key. >> i really am going to be people a chance to ask the question but i have to ask one more the kind of builds off this discussion, which is simple but you've been in the geek world now for a while. when you think of the geek world as it was let's say in the
'90s, it was usually a guy, certain attributes, one of them was largely a pizza box. how has the increase in women in the workforce changed geek culture? this has implications for recruitment. what's different about being a geek now than it was say 20 years ago? >> absolutely nothing. i'll prove it. we decided tolet our cyber ninjas and wear jeans to work. depiction of government is everybody is wearing a suit. we want our folks to become double, to feel like they're in a technical team. we decided that we would let them wear jeans. our member this ended up requiring a memo. i was new to government and i went to the under secretary and i said what quick she said no, it's processed the wheel to the process and follow to the process unfold right what i think it will all work out.
i wore ripped jeans to the meeting to discuss a because my buddhism else in room that i oppose was are you going to respect the industry him any less a guess i'm dressed like a geek today than you would if i was doing something very nice? because the guys in the ladies that we focus on that we need a time of crisis come everything you see on the news largely has been handled before comes on the news and that's why that team and others across government and private sector, i don't think they need to be wearing three-piece suits to do. we want them to have the skills and be comfortable. i'm not allergic to pizza. i think being a geeky, the image, i just think it's cool now. >> i think the other difference, one difference, and that is so many of the incidents are high profile your like when i first started unit code red and if you attacks that were pretty high profile, but now when an attack
occurs to people who understand the attack need to be able to communicate. i had engineers who are were brilliant that i worked with that oh, my goodness, i probably would not have put them in front of the customer because they just say what they think. although it's very accurate technically, minute the best thing to say to a person under extreme stress in crisis because they are sensitive during those times. one of the things we've seen is the more technical people that would have in an organization that has a probability of meeting me in front of the press come in front of our customers, building that communication skills that i think is much more important today than it was in the early 2000. because it is more often that someone is highly technical might have to go in front of the board. you are not going to put someone without communication skills in front of the border generally,
not in front of the press. i think in addition to the geeky technical skills and indicate its week which i agree, you still find candy wrappers and coke gets into garbage can at the end of the day, but the skill set i've seen changes many of those highly technical individuals have had to up their communications game because they're called upon to do outbound discussions much more often now, given the high profile nature of some of these attacks. >> and we have questions in the audience of? one in the front and one in the back. >> we face a lot of the same issues in terms of getting and recruiting in the talent or for good people. there's two things i'm interested in. one is if you're going to be training people for the job you would be shortchanging the because if you educate them for
the particular area of knowledge and to learn all of the thinking skills and self problem skills as they go along for a long period of time, they can then amplified and go for quite a bit more easily. i'm worried about any of these programs that look to me to be shortchanging it since. secondly, you keep saying you have to be an interpreter, for people in the room. why can't those people be like you instead of you having to interpret to them? why can't they be like the head of the department of energy? >> great question but i could spend an hour but i will spend a minute. thank you. i think on the communications, it's very important to the point out and some people are very good at that and some people are highly technical. there are some people who have
absolutely no interest in speaking publicly or explaining things. you don't want to force a skill set that i want people, and i believe that people are most productive when they do what they love doing. so they get some scientists that have no desire to go out and speak to their public, we need other people that can speak. i've learned this both incorporate and in government sort of in a briefing style. you sometimes have 30 seconds to convey what happened overnight in what could be a widescale attack to a secretary or a deputy secretary that's going to the microphone the face in 20 minutes. they are smart, they will get it but you have to give it to them in a way that has some depth and some impact. i think that only comes with practice and there are certain people who just don't enjoy that so we don't force a. there are plenty of people you're like candies and me and jim and others that can be both and others that prefer to stay with the media side into an excellent job of portraying
things. they have to know what's going on in order to translate it. there's the other end of the spectrum that would just prefer to not have to deal with going -- that's what you like. that's my opinion. that's how we run. i like people to focus on what they enjoy the most. to your other question, i understand that, it's a real point. if you're not going to spend a long time in one place i think what you're asking is how do you get the skills an within that cn help you grow. i think as undersecretary spalding and chris young designed this program, they will look at that. a lot of the hard-core technical skills, you would need in the department or you would need in a hard-core security company are the same. the other skills, the understanding of how marketing engines and research and development engines and budgets and quarters and revenues dried one side, and the other side, so one side is doing it for the
money so they can do it for the money. they keep people happy with the money but often things come out. on the other side we do a mission and the money from my side right now is just fuel. the hard-core what you're generating, at the scientific level is not so different but the skills of understand how to drive a company or how to help the government help its citizens and global partners, those are the very, very different skills. i think you need both. >> i probably would not say anything different. i agree. problem-solving to understand financials, communication skills are transferable regardless of whether you're working in the security industry or the financial sector or retail or government industry, agency industry, whatever. those core sets of skills translate. computer science skills, writing the code translates whether working for security company or working for banking company writing proprietary applications
with the internal systems. many of the skills you need in this industry does translate. even if we look at the hacking competitions or wargame skills you might develop as part of a program in this space, you will develop deductive reasoning capability, create a better set of problem-solving skills. i can't think of a single job where better problem-solving and deductive reasoning would not be an incredibly great set of assets to have. i think we say they are cybersecurity programs because we look at those training programs through that lens. 85-90% of what you get out of those programs would be translatable to a different industry. >> we had one in the back. >> i don't need that. >> you do, to get a recorded. >> okay.
i apologize to the people in front o of of me. report a digital had recommendation that curriculum and if modified especially in engineering disciplines where that's what the next generations were coming out. to have much more cybersecurity knowledge. in this study when you're looking at the gaps out there and look at ways of how do we get the people with the skills, do you guys a lot of increase our progress made in getting that is pretty knowledge incorporated into the various disciplines and curriculum out there so that the devices that we buy for the infrastructure, the computers are in bed with cybersecurity rather than what's that basically a bolt on and on? >> certainly i think writing secure code, there's been an increased focus on that and curriculum because you can't very well teach code and class without talking secure code. we also in the past worked with a few universities around a
pilot curriculum for cybersecurity. that was a pilot we did a couple years ago with a couple universities on the west coast. it was interesting, those classes filled up in 15 minutes. talking to the being of one of those goals he set it was like a rock concert. literally it was a line around the block with kids lined up for that curriculum. so there is demand in universities for the curriculum and the content by students. i think it's incumbent upon security industry and government to work were close with education to build that out. there's been baby steps in that direction. idon't think we are as far as we need to be. i think that some of the discussion we've been having, those that i think are at corporate level as well as organizations to try to accelerate that. in terms of building for industrial and iot, that's going
to be a combination of both getting that into curriculum, and the mindset of student coming out of computer science degrees to think about how do i designed with security but it's also incumbent upon corporations that are building the devices to make it a priority to develop the architecture with security in mind and then manufacture some of security capabilities into the industrial control over with a device is from the get-go. adding it after it's already shipped is very difficult. building it in up front so it can be managed by a system after the fact, much, much better. i think it will be a combination of industry and education. >> how many years -- thank you for the question. you were aiming includes many, many years ago. as a whole side of securing these systems that's not typical cybersecurity, not the protocol. how do we bring those teams
together, that look at the light that flashes on and off out how to bring this together with the guys that are running the ip protocol, standard internet geeks, to monitor the stuff miles away? one of the areas we look at is in our industrial control. some of our finest, and daschle control system, the systems that run your electric grid or your water or your lights or your energy or natural gas. but looking at the systems that are controlled by electronic signals with a controlled mechanical functions. it's this area and a lot of why would i do we organized a we do our field response and natural program director and tried weaning ourselves, because the shows the real mission to it takes what mike is saying, takes these devices that are dictating and enabling our world and shows their connection to cyber but
brings it together. some of the talent in that, that's how it is where we have to build i think, again that's part of where we want to add a lot of those rock stars. that's where we are focusing a lot because the systems, they are pretty uniform across the different infrastructures, but they key is working with the manufacturers to innovate ways to make them more secure and then working with the operators to please not use the password that came on the package in how you wanted to them over the internet. so we monitor this 24/7. there are tens of thousands of these exposed, outlook college. we have gone out in campaigns and if you own or operate one of these systems, let's look at that from a risk management consequence of perspective and so at what point are we going to do what level security, not one that i was locked on a $5 item
but let's look at how we assess all this. so it goes from the tactical to the cyber, to the actual ip protocol side, and in many ways toward the risk management corporate site which again goes to the judgment point why i think it's important to have both skills. >> both tend us and fills have day jobs. you may have suspected that, and we are fortunate that candace will stay for the panel discussion. her comments have been great but phyllis for some reason feels like she needs to get back to work. so please join me in thanking our two speakers. [applause] >> can ask the panelists to come up, too, by the way? [inaudible conversations]
>> everyone ready to go? welcome and thanks for joining us today for a discussion of the cybersecurity report. in the report that we did as just mentioned by speakers we surveyed 80 countries from australiaustrali a, france, ma germany, israel, japan, mexico, ma the uk and the u.s. to analyze companies and governments in these countries should put cybersecurity workforce development. we look at four dimensions of cybersecurity workforce development efforts, cyber cities in him education programs, employ dynamics and public policies. with the help of this panel we will dig deeper into these dimensions and examine international approaches to cybersecurity workforce
development. without further ado let me introduce the panel. we've already met candace in her opening remarks and have heard how cool she is. and then next we have rodney petersen, director of the national initiative for cybersecurity education at the national institutes of standards and technology. he was managing director and senior government relations officer where he founded and directed the cybersecurity initiative. next we have simone petrella, chief cybersecurity office at cybervista where she lived product development and delivery of cybersecurity training and education curriculum as well as workforce initiatives for executives, cyberpunk to sugars and continuing education. previously us associate at boot hamilton allen. last on the panel we have amir becker, director of cyber
cooperation at the embassy of israel. he jointly served as the israeli nationals of cyber beer in office of the prime minister and indices commercial mission. he leaves the bilateral engagements between israel and the u.s. in the cyber realm. so to jump right in, one of the findings from our survey was that only 23% of respondenresponden respondents said traditional bachelors degree for fully prepare students for a career in cybersecurity. our traditional degrees the longer the best investment for people wanting to enter this field, and how we -- how can we improve the quality? >> thank you. yes, it's an excellent question. question. for so want to thank csis for the study and report. one of the things that strikes in the introduction that is a critical to kuwait is the reference to the cybersecurity workforce for shortfall, for companies and nations. that vulnerability really
implies that the support of risk management that we don't talk enough about. we talk about technical mitigation, processes and other software design, system vulnerabilities by the human element is a critical part of risk management. later in the report you said 97% of boards are aware of cybersecurity as an issue so i hope this report and the work we're doing at the national initiative for cybersecurity education will raise urgency around workforce as part of risk management. specifically to your question about kind of the quantity and quality of what education is producing for cybersecurity workforce, we recognize that as a concerned company challenge and an opportunity. a nice program is develop a strategic plan that identifies a single one of them to focus on nurturing a different sorting community. the first thing i would say is the traditional pipeline most of us are fully with students going through a k-12 school and then university and sent to the
employer is not the only pathway to getting into the cybersecurity. it's an important pathway and a long-term pathway that we want to invest in and improve upon but there are other pathways including the fact a lot of cybersecurity professionals or change jobs midcareer and already have a bachelors degree in a field like psychology and want to get some skills and training whether it's through a training certification program through a community college degree. so our goal and strategy is not like to nurture this learning in community but also to accelerate learning and skills development. the final pathway is to recognize that the training and education and skills development that happening in our high schools and in our community colleges, training certification provides our as of much that is what happens in a traditional university setting. i think we need to think more broadly about the diverse learning community and a focus on the traditional pipeline that will be an important long-term solution i'm not the only
solution. in summary, three things about improving quality is to make sure it simpler driven. the way to close the gap between employer satisfaction and what education and training providers are producing is more conversation, more alignment between the two so that educations institution and provider producing what employers need. the second thing is what the report references is to more hands-on morning, more actual learning through doing as opposed to just knowledge or lectures if you will, the combination of knowledge and skills i think will close that gap. the third thing which is that way to bring employers and education providers together, if you're not familiar, there's a national cybersecurity workforce from referred to as a nice workforce remark that creates that standard, the way to get employers and education and trying providers to be thinking more in common. if we can more focus on what we have in common, common vision and goals, we can make progress
both quantity as well as quality. >> so these three initiatives in talking a cybersecurity, the skills and education come is this a unique field in terms of how challenging it is to train and develop the workforce, simone? >> i do think it is unique in some perspectives at a number of reasons for that. like rodney said i think one of the interesting point i found in the report was a 9% top universities currently offer any is a cybersecurity major or minor program. which in the grand scheme is a very small number. the question is not only what is that pipeline coming from but how long can wait to get into the point that they would be ready and willing and capable participants in the workforce which is a significant amount of time. for that reason you need to really look to alternative methods to continuing education and certification programs and we told me current skill sets to
one of the reasons why that is so difficult to cybersecurity in many ways is a very hard discipline to put your finger on what does that skill set required. it's a multidisciplinary field and the are a number of discipline that you can specialize in when you elect to go into cybersecurity. that's when the things that makes the field so wonderful. you can have an analytic or psychology degree and apply the infield of cybersecurity but you also be in forensics or malware analysis. it makes it very difficult to create a pipeline or programs that can address all of those different disciplines. another reason it's been challenging is that the field relatively speaking is new. i don't mean you any sense it hasn't been around or hasn't been an issue that's been addressed since the advent of our more connected world but as far as the profiles viewed and thanother that people have to he
had to explore this as a career field is really fairly recent. to be able to develop programs to catch up to that we are playing catch-up. fast one of the reasons that at cybervista i say we are kind of like the unsexy side of cyber because with the education folks. we want about people. if universities are not going to programs available in a printed time that's going to address that need well then when you do have some gap fillers. we also need to address the workforce where you can transition people from one career field that's in an adjacent area into the cybersecurity field if they're interested in a. as an example there's a 9% premium on salaries for i.t. professionals going into cybersecurity. to be able to take a lot of foundational skill sets and get people in of credentials or certifications whether it's a csis. or some other skill set, those are the types of things we are
looking at now in addition to higher education. >> i want to touch on your point about creating different programs to address all the different disciplines and maybe ask about israel's experience with it. could you speak about israel's approach to leveraging, amir, leveraging nontraditional sources of training and education with military service on a israel is going to cybersecurity workforce? >> sure. we are taking cyber very seriously. we understand this is something that will definitely change even the future of our state. about five years ago we did a big shift in the way to come is dealing with cyber in israel. building the organization, within the government but understand the abhorrent the phase, developing cybersecurity and what they're thinking about
this and how they are missing for the first time not through just gaming as we spoke earlier which is very important but also through different programs. currently we have five year plan and the government is currently funding $100 billion which israel terms is a lot of money your but not just in israel terms, it's a lot of money. to put it out of the curriculum of the high school near the end of the high school, including in the exams. part is to take very interesting challenge to ask students to participate in afterschool programs, not part of the official curriculums come into the areas and we found there is a big demand for that.
we promote this program about two years ago when currently you have a thousand people each year participating in the program. it's important not just what to study during college and university in israel. it's also very important for the part of the military service which is compulsory service. we have a compulsory service. i believe we would like not to have it but this is -- president lee we understand we need to find the most talented people to be part of the unit and the programs help us to find those people through competitions but also through just participating in those programs. i talk about the military, i'm talking about every year, every boy and to individual at the age of 18 starting their military service. some of them are going to a technologically delivered after
years of two years for girls and three years for both but if it chooses to be part of this technological unit, the same amount of fears for boys and girls by the way, and it's between four to five years. after four to five years now they're finishing their military service and their out and the private sector they can choose what they want to do. some of them are starting university immediately after that and graduate in computer science and other studies. some of them going to the private sector, opened their own startup or being a part of large enterprises. some of the deciding to stay in the government. i think this decision is very critical but its influence from all what learned in previous years. >> great. moving to the role of the employer in cybersecurity workforce development, candace, could you talk about what kind of employers to you both provide
and shape cybersecurity education and training? on the initiatives that come to mind that it is successful? >> i think the customers i speak with are very focused on making sure they continue to provide training to their security team. obviously, staying current with the skills, current with an understanding, both the average as well as malware in general is absolutely critical for them to be able to do their jobs. most organizations that have pretty solid security teams are putting significant amounts of investment into professional certifications, into continuing education for them specific around the computer science skills, those kinds of things. they are often do things like hacking competition. they would've a competition internally in the organization where they have different folks within the organization compete with each other. wargames, setting up teams of people who now are competing against each other in a hands-on
real-time kind of format. those are skills that can develop internal for the organization as well as leveraging external skills through training for physicians or universities that have specific curriculum around peter cybersecurity or skills that would be relevant in cybersecurity. i think there's tremendous opportunities for corporations to be part of providing about training, and provide veterans will also help them retain. if you're trying to retrain -- retain your talent, evolved skill set is a great way to help with retention. >> that's counter to some of the concerns i've heard from employers but one of the interesting highlights of our survey is that training is are important. i guess what would you say to an employer that says if i train my workers in believe, is going to be more valuable to other companies?
>> many times that's a function of creating a work environment where people want to be. i think phyllis made an incredible point, which is should not be able to pay as much as some of the private sector organizations but they have a nation and a culture of that organization and the mission of that organization becomes the motivation for the people that go to work for her. i think creating an environment that fosters kind of that since i'm part of something bigger than my current role or my roll alone is an outstanding way to get your people to stay. if you think about in the millennials, social conscience is a big part of what makes them tick. thinking about how insider part of what we do everyday is help people and corporations protect what's most important to them in the digital world. if you are a person were social conscience is important to you, being a part of it or decision that makes that a priority is a
great reason to stay in your j job. >> one of my favorite quotes personally is one from richard branson when he talks about training your people like you wanted to actually be able to leave but treats them so that they want to stay. i think there's a number of levers from the employer perspective that often speak to that, how do you treat them so they want to stay. if you're working for dhs and there is a nation, that is one aspect that can be a motivating factor as we talk about how employers can pull those levers. yes, there is of the sabra and the private sector and there's a time a place what it is be their primary concern. the further education opportunities. we change it is not so much more than just giving someone a tiny opportunity and than showing them they could have a grip after guessing here is ecru path or the things you can achieve by having these skills spent at some point money stops being a motivator.
it's all the other stuff that motivates you to stay in that company. >> i guess to pivot to governments and companies and the role, turning back to israel, from an outsider's perspective israel is doing very well in this for you said there investing $100 million and have high school programs and their political lives are engaged. what probably has israel encounter with cybersecurity were and what still needs to be done on that front? >> a great question because firstly, there is a very unique situation. one of very unique things is many -- [inaudible] there are about 257 different companies can just one-third of
what u.s. has but still it israeli terms it's a big challenge because those companies always need more people to work with them. another thing is that because it's a global challenge and it's a global world, not just regarding -- also the fact national companies are part of the israeli ecosystem. is ready the ecosystem just in a nutshell is part of it is that the academia, part of it is what we did talk about human capital, but also the private sector to we are proud with what we created the our biggest job is to keep the ecosystem strong, together with all the multinational companies involved in the israeli cybersecurity sector in the last two years.
>> the obama administration yesterday put out a new directive about outlining different agencies rules and responsibilities to cyber attacks but while this isn't directly related to the workforce%, i'm wondering how can these agencies deliver on the initiatives to respond given shortage? what is this government doing to address this shortage, hiring or maybe even outsourcing cybersecurity capabilities? >> so the title about the director, the cyber incident coordination, and my first reaction to his an operational concert or maybe a policy issue, but like all of these issues when you peel back behind the scenes it takes a skilled workforce to make things happen. there's a couple rolls called out in the directive i think are obvious ones, handlers are people who aren't in a fight in
cities and, therefore, need to show them. a second one that's called out it's about restoring, recovering from incidents. many of us know about business continuity role is important focusing on those two for a moment that's part of the workforce that is quite frankly today. your port talk about intrusion detection as a high demand skill and we don't know the incidents into we can discover them. i think it is directly related to both the directive in terms of how it's going to happen and who's going to do the work. what's more interesting when you drill down into the directive ended talks about the implications of the cyber incident, the impact, in other words, its list of these type of work roles, this is an operational continuity, adverse financial impact of privacy protection, liability risk, compliance issues, communications to affected users and external affairs recruiting, including media and congress to ggo to work roles for people lie to play to cap the directive effectively. i think it's a great
illustration of were are nice workforce for merck is going to recognizing quite frankly sabas goodie is everyone's responsibility i know that's part of our matches are sabas the awareness month and, in fact, our vision for nice is a digitally comedy that is enabled by a skilled and knowledgeable cybersecurity workforce. so the rule our variety of people including lawyers, policymakers, financial people and others who are going to a cybersecurity responsibility even in the context of cybersecurity incident management, if you will. so in the fall we plan to publish the next version of the nice workforce framework and in addition to sing subcategories the work, 30 specialty areas and the corresponding knowledge and skills and abilities you can also see work role david and that's precisely what the federal government is doing and it's an assessment of our workforce in capital get the work roles that are per from both within the i.t. organization and outside with respect to cybersecurity.
>> that kind is a good tie-in to my next segment about different feature skills and technologies and how these skills were developed over time given with interest as a whole is heading. simone come if you advising someone just about to enter the field come what skills should they learn to be competitive, given the technological development and how should they acquire them? what would you say about the skills and in the process? >> sure. it's a tough question because the technologies and automation so that are being developed are so fast but they're also a patchwork. when i talk to folks were looking to enter the field or if they're looking to even transition from maybe an adjacent i.t. field, i can to focus on some of the areas that require a higher order levels of analysis or data comprehensive or critical thinking.
it's applying it to tactical needs but as was mentioned earlier it's getting to a point that we want to be able to actually separate the and focus on what's important. the skill sets that we need are people is actually look at those items that are important. and allow technology to be developed that can help separate that. and just focus on the important component. it's tough because we don't want to pull people into only one skills that they would want someone to see are only capable of doing response because will havhave to committed that. you are potentially going to bring that up to your second thing. but you need those foundations. i think professional certifications in the landscape we have today are really integral point for people that are looking to break into that field. they set a baseline of knowledge that despite what technology gets developed and despite we automate served as a way for people to understand and
employers in particular to understand what is your baseline level of knowledge. just as an example, there are 49,000 open jobs currently for fashion in the us alone to our 65,000 holders. so you can see how that might be a problematic i'm balance in the workforce. so being able to address some of those grenades and dangerous transition as technologies change is going to be critical. when we talk about those skill sets and we talk about how to evolve, one of the things we see and cybersecurity and you see it in all fields but most acute in cybersecurity because it changes so quickly, the abolition great is just exponentially higher than you'd see in other disciplines. there's this need for continuity and consistency in training. so the skill set you might develop coming out of one program are not message was going to be what you need to be sustainable.
that's going to be true as we continue to advanced technology and create more opportunities to automate some of these a thick processes. >> as we danced these technologies and move towards more automate savaged the environment, one of the interesting findings from the report was nine out of 10 respondents believe technology can partially compensate in these type of technologies can partially competent for a gap in cybersecurity skills. this is the magic bullet? cannot solve all of our cybersecurity problems? how will the cyber industry skills shortage evolve in the future of? >> i do think there is a silver bullet, right? i think automation can begin to address a capacity issue. if i think back to the early in my time in security, most of the
customers that i would talk with our like yeah, i'm not automating processes associate with security because my neck is on the line if something goes wrong. if i automate the testing of patches or signature file or automate some critical process of social with security and the coast south, i'm probably in the unemployment line tomorrow. so that's not going to happen. at that point i would say the security industry as a whole was still relatively immature in the 2000. customers were building that trust and respect of security product providers. i think we have, a tremendous distance in terms of the credibility of security products and the confidence of the customers and agencies have in those products. we are not adequate with the conversations we're having with customers is there certain things i'm okay with automating. so i set up automated signature
files. i've created on the matic test rigs for operating systems patch updates so that i'm not having a person sit in front of the machine and click buttons through a process to test whether something is going to blow up in my environment. we have evolved i think from the user or consumers respective to being okay with automating what i can to call someone janitorial tasks. on the other hand, to our many tasks that still require gray matter. you need a person in a chair looking at a screen going through data to figure out which data is most critical or relative potential incident. you could literally looking at gigabytes of data trying to figure out which pieces of data are so so with an event. yes, there are probably some algorithms we could building computers to sift through that
initial level but when it comes down to the final determination of which of those is associate with an attack, but that, how did he get in the environment, what systems didn't touch? did axl to any data or information out of the organization? how do we repeat the damage it may have done and remove it from the environment? many of those types of tasks, you need a person to be doing that. it's very difficult to get a computer to be able to like do those levels of assessment. i think from an automation perspective there's lots that we as vendors can do to begin to build automation into the security process, into the security product we deliver to market. but there will always be roles that require humans to be part of the intervention i think we can also go into those programs things that make those tasks easier. so how do i get assistance to death first level of filtering
on those gigabytes of data? i know this is a standard call. i know that this was a standard policy that was applied by the security program. but my goodness, normally that application doesn't inject that process. there's anything in here that is injected that process. that's odd. having somebody see that point and this point and the point, they can tie this together intellectual insight those three things together equal bad when any one of them individually might not have raised a flag. i think automation can play april but there will always be a critical need for people who have deductive reasoning and problem solving and critical thinking skills. >> i figure automation funding may be one of the most new and original findings in the report. a lot of things have surfaced before and i would think it is a solution but not the solution to i can just give a couple of examples of our experience what i think we are mitigating the
workforce issues to automation or through deficiencies if you will. one is the federal government for good reasons were required to take mandatory cybersecurity awareness in. traditionally that what happened in the classroom like this was a live instructor presenting material. we have online training that is available that kind of eliminates the need for that physical person to be present got to say it isn't a need but that automation i think has led to efficiencies and will address the workforce issue. the other example that comes to mind is whether its account generation pass word changes progress. it used to require a physical person at the desktop. -- helpdesk. what i would also remind you is behind those automated efforts is innovation and creativity. that's a whole nother workforce we need to make those things happen. i agree it has an efficiency.
it's an important finding that you've made that is not the super bowl. it's part of the overall strategy we need to keep in mi mind. >> something i used to see in some financial institution and retailers that we would consult with is that technologies were great everyone to automate a lot of functions above around is there needed to be humans who could evaluate the use of the technology and how they efficiently and effectively worked together. but rarely was ticking down to in some cases a cost-benefit analysis. if you are making a large a lare assessment in some technologies that encompass 20% of what you need it to do but it turns out that it capable of doing 80% into just another people were able to utilize that in the right way for the are not working properly with other technologies give invested in, and the technology as good as it could be isn't as effective. unique humans to up set those processes up in your organization as the customers in order to make them work.
>> from a government perspective we definitely take the same approach just as described, to make more process automated and to understand exactly where the human most critical. also we take another approach, away from the needs of the from the larger enterprises need mainly because of mistake and impact that body made for nation, from national security perspective. taken those two approaches together we are working very close with the leading r&d centers in israel, universities and together with the private sector to understand how to automate it as much as we can and to find together what are the critical places to keep humans. >> garate. i think we have time for some
questions. or i can take moderator's prerogative and start off with one of my own. being that we're in washington and i feel like we're in the height of the legal system hundred seasons there's been a lot of talk about may be closing some of our borders with immigration policies that i was wondering how would that affect the tech committed and particularly cybersecurity work diversity is so important? how do you see this rhetoric or some of these proposed policies having an effect on workforce development and ability of employers to hire a diverse workforce? >> let me think carefully about this answer. what i would say is that certainly i think should the
country decide to go in that direction, that he will make it even more critical for us to work with universities to build an internal pipeline of technical talent coming out of university. i think we've seen over the course of the last several years a lower than we would like percentage of students coming out of university with engineering and computer science degrees. i think industry in general has looked to the international community to make up the capacity delta in terms of leveraging people from overseas to fill their roles. i think if we're going to limit accessibility to the broader talent pool that it will be incumbent upon us as really the country as a corporate and government community to make it a number 142 start developing more programs that facilitate an increase in technical degree programs.
>> i would just give a quick example, a nonpartisan and i might add, related to the scholarship for service program that phil is referred to earlier. that is one of the ways the federal government is incenting students to both receive a degree and get their tuition, room and board and fees paid in return for government service. historically, that allegedly has been limited to u.s. citizens. under the cybersecurity and has under the cybersecurity enhancement act of 2014 that was opened up a little bit more. but the point is that because of the demand whether it's an industry or government we are seeing both the domestic, you students as well as graduate students take pretty quickly into the workforce which we hear from our graduate ph. d. producing institutions that leaves them a shortage of people who can pursue masters degree and ph.d's who in return will be the professors and teachers in the future. whether it's a result of immigration policy or even our own domestic policies with respect to the pipeline. the bottom line is to get that i think could work for the
government and get clearance it's heavily favored in the favor of u.s. citizens. >> one of the most interesting statistics in the report was there's several% of top universities that an undergraduate degree program but there's only one-third of universities that have a graduate program. of that third, 68% of the student population is made up from foreign students. and so why don't necessarily have a comment on the immigration side of things, i do think that's very interesting and troubling when you think about that the perspectives coming to programs to date and if that all of a sudden it stopped, i think it tells me that we do need more programs that can address they need because that's woefully inadequate but also we should continue to get that diversity of perspective. this is a worldwide problem. ..
>> with the comment that you made about 68% of students in advanced degree programs are coming from overseas, the question begged to be asked, is that because there is not enough u.s. people applying for those programs? the question would be, why is that? or are they being beaten out by more talented folks from overseas? why only 34% of u.s. students in those advanced programs? >> what i certainly hear from chancellors, presidents and deans at colleges and universities because many of their undergraduate students in particular can leave college and get high-paying jobs with acknowledge and skills they obtain in four years. there is not incentive to return for masters and phd. there is a challenge shortage if you will in the graduate student pipeline in and of itself. the incentives are not there. when you talk about leaving government to go to higher paying job that is in industry
or elsewhere, the same is true for teacher and faculty member which pays even less than working with the government. it is hard to attract really talented researchers and faculty if we're not offering competitive salaries. look at higher education as an example. contrast what we pay for doctors and medical school professors and others who are, highly-skilled and highly in demand. you reward them with high salaries but we don't reward computer science professor or business professor, the person who is teaching cybersecurity across the curriculum in the same way. >> a lot of these programs are fairly new. like the rest of the field there is some level of marketing. as i said in the past, cyber has marketing problem. we need to be more aggressive recruiting people into the field, taking educational route or pursuing as career field.
because there is not enough demand from domestic u.s. students or whether they're being weeded out i still think the problem could be solved by continuing to really actively recruit and show people the path they can have by selecting a career in cybersecurity. >> to go off of that, i think it is also actively recruiting and doing that at younger age and letting career path be known at younger age. advantage where some other countries are doing that better than we are right now. >> as a computer science student a millenial i'm curious from any of you all, what do you find the most frustrating, i guess, aspect of recruiting specifically the millenial generation?
>> wow, i will throw something out there. i think part of it is melding a millenial workforce with a workforce of previous generations can be challenging, right? so many of the folks that are in industry today are part of the end of the baby boomers or gen-ys or x? i get my alphabet get mixed up on generations. they have a very different perspective. many don't use social media as often. many still want to pick up the phone and walk down the hall to talk to someone rather than instant message. so you end up with a little bit of not culture clash but a different approach to communication, a different approach to work and i know as a manager of large groups, that
becomes one of my management challenges, how do i get these diverse generations who really approach communications and work differently sometimes to find common ground so they can successfully execute on a project together. reality i will not put all millenials on one project and all baby boomers on another. they're going to bring different skillsets to that same project, and i need both or three or four generations in a project. one, because it brings diversity of thought, right? they have different experiences and approaches to problem solving. that gets you a better result. but with diversity you get difference of opinion, you get debate, you get conflict, and as a manager you have to figure out how to bring that team together. often times you end up being teacher, coach, playground referee. so as a manager i say that is
one of my bigger challenges is not just with millenials but in how to create a cohesive team that is represented across multiple generations. >> i have two daughters that are millenials. i have to be careful what i say what frustrates me about millenials. i want to actually turn it around a bit. i'm less frustrated with millenials. i'm optimistic and see a lot of opportunity. i'm more frustrated about the workforce they're trying to enter and trying to build models and systems off of, as phillip said, previous generations who stay there a long time and have traditional ways of coming to and from work every day. we need to recognize millenials will stay for a shorter period of time than a lifelong career. when you talk about diversity of thought, that that is a good th. when they're coming out of industry or government they're bringing diverse ways of thinking i think is very
valuable to the organization. secondly we need, in the job, in the federal government great example as part of new federal cyber security workforce strategy released last week, is job rotations is a good thing. it is not always a career ladder where you advance, advance, more pay, more pay, getting a different experience working across a department working in another agency. getting different assignment. working with dhs with an employee that comes from nef. that gives millenials engaged and adds value to the and that is new normal. >> can i ad one more point? millenials, one, they like working from home. the diversity to work, from whatever environment makes them feel comfortable. i think that they generally like social causes. they like organizations that are socially conscientious. could cyber security be a better field for them? it is all about trying to make the world a safer place at some level.
i have never worked in an organization was more geographically diverse than the one i'm in right now with intel security. we have a large workforce that works from home. we have people spread out all over the globe. if i look at my team alone, i have three or four soho workers. i have people who work in europe and several locations in the u.s. it gives them maximum flexibility to live where they want to live to get work-life balance they want. and not that there aren't long hours. we have plenty of times it is 7-hour day, not a -- 17 hour day, not an 8 hour day. at same time it gives them a lot of elements you looking for in a job you can't find in cybersecurity. sorry. >> no, that makes sense. i'm going to pull a rodney, my biggest frustration is strength for millenials and frustration and motivation for us as employers.
all the millenials i so hired over the years are so motivated and ambitious and it is contingent on us in the workforce to provide them a environment to excel and succeed and that is greater burden, a good burden, but on us as employers to provide those opportunities. it makes our organization better. we are more successful when we create environments to give people opportunities and succeed in their ambitions and motivations. i have found one of the most passionate creative thinkers we work with and approaching problems in a way that i think a lot of their predecessors look at the problem, because they were looking at paradigm of fairly traditional model. and so the frustration ultimately it makes it more work for us but that's a good thing. i am so happy to have that challenge as we kind of look to this. contingent of the workforce that
is so eager to learn. if you give them that opportunity they will eat it up. i think that the is really something we should be taking advantage of, providing them the infrastructure and perspective in order for them to take advantage of it. >> i have nothing. >> i guess if there is no more questions from the audience, i would like you to join me in thanking our panel for their time and insights here today. [applause]
>> live picture from philadelphia this morning as we are waiting words from minnesota senator amy klobuchar and virginia congressman gerry connelly and don beyer. they're speaking at virginia delegation breakfast on the final day of the democratic national convention. it should be a couple moments here live on c-span2. [inaudible conversations]
[inaudible conversations]. >> while we're learning it will be a another moment while the guests speaking start, we'll wait and look at philadelphia as the convention continues this week. >> we are at corner of 12th and arch in downtown philadelphia, pennsylvania convention center. adam hopkins a spokesperson and volunteer for political theft. if you love politics and political trivia this is the place to be. >> that's right. this is political fest. at pennsylvania convention center at 12th and arch in philadelphia. we have seven locations across the city. open to the public and encourage all philadelphians and visitors to come visit.
we're excited to show this off to people. >> what will people learn as they walk through the exhibit? >> you learn about philadelphia history, american history, the history of democracy in the united states and american presidents, really everything you would want to know if you're a political junkie like me. >> we'll go inside in just a moment. let's walk over here. this is the c-span american presidents exhibit, part after series we did a number of years ago. let's talk to marti, the vice president and responsible for this exhibit. so, marty, what will people take away from this? >> important to put everything into perspective with history. as people are looking at decisions who to choose for president this year, not to look at our history kind of take that into perspective and think of bigger picture of over time what makes a difference in who you choose. >> in each of these banners you have information about each of the presidents. you have first ladies. sometimes they had more than one spouse and fun trivia about their presidency. >> yes.
this is original collection by charles faithen, we have original oil portraits and we have facts about them, in partnership with the white house historical association. and we actually, they're interactive. you can put in urls to watch a video clip for each president and audio recordings of presidents since the age of audio. >> notice tremendous feedback from those who have been here. what reaction especially among children who walk through this? >> they really like it. it is very visible. it is very tactile. they can touch things and look at things and kind of interact with it and feel like they're getting better picture of history coming alive for them. so. >> birthplace of the constitution right here in philadelphia. >> right here in philadelphia. right here at the pennsylvania convention center where we're delighted to be partnered with the political fest as their official media partner.
>> c-span and one of the places in main hall in pennsylvania convention center. adam, what is in here? >> one of the biggest draws is jfk replica air force one fuselage. only original replica of the fuselage. we have jfk's limousine from 1963. we have voting through time exhibit where you have voting booths from throughout the history of the united states. we have a real replica of office as well. really excited people to come and see night is there a favorite exhibit here inside? >> i would have to say the air force one fuselage. that has been the big draw. we have lines, 20, 30 minutes long. people get inside, take a picture. >> do you think this is chance for people to get excited about politics in really different way? >> absolutely. this allows people to engage with the political scene. learn about history and get ready for election.
>> we are now inside the car used by john f. kennedy in dallas, texas, just before he was killed. jim, tell us about this incredible vehicle and the history behind it. >> what's interesting you can not imagine today the white house borrowing a private car to take the president around. but when he was in texas they had four, series of parades with the official limousine. he was to fly into fort worth the night of the 21st late. they weren't going to do a parade. so they went ahead and flew the official car to dallas for a parade next day. so they borrowed this car from a ford dealership and this was sam snead's car. so they brought him from the airport at carswell air force base on 11:00 the night of the 21st, he and jack kim. next morning he came out and spoke to 5000 people in the rain. went in and made the last speech
at chamber of commerce in dallas. pouring rain. he was only one didn't have a jacket and hat on really. so the car and all the film footage of the car has the top up. but the sun came out during the speech. so they decided to put the top down. he road the 12 minutes from the hotel to carswell, side of streets that were lined in people. he gets out of this car. gets on air force one. flies ten minutes to last. within an hour getting out of this car he passed away. this is the actual last car he got out of. this car traveled for years as collector car. then it has been in storage. i bought it in october of 2013 to give back to fort worth for the 50th anniversary. we parked it in exactly the same spot at the same hotel. jim wright, congressman from texas, who introduced kennedy at the rally outside that morning was there for the 50th. he came over to the car and he remembered the car and kennedy getting in the car that morning.
>> so he sat where we are right now? >> exactly where you're sitting. jackie the abouts -- gets in the car the she moves to the middle. governor connolly gets in seat where i'm sitting and president kennedy sat where you're seating. this is not a big presidential limousine they're all packed in. >> this is really incredible. >> interior, nothing has been changed. it does have a new paint job an a little work on the engine. the car runs. nothing has changed. you can, a lot of great photos of them in the car. andy warhol, there was picture of jackie looking to the left as they pulled off. andy warhol did one of those composites where he duplicated photograph of her in watercolors. >> we are adjacent first of all to another exhibit that includes the last telephone that john f. kennedy used in texas. >> yes. white house put telephones in for the president that was secure.
it was so late when they got in, they were exhausted. the arch society in fort worth, decorated the room with picasso, beautiful paints. they didn't notice it to the next morning. president made one last call. he called the lady at the art society to thank her for all the artwork for the room. that was the last telephone call he made. they didn't have portables. he gets in the car and then on to dallas. there are a lot of pictures of the phone sitting oned about stools in the room. >> a lot pictures from november 22nd, 1963, as well as tie used by president kennedy. >> just a couple quick announcements. just a quick update, as you guys came in about the camden concert starting this afternoon. so in terms of transportation, you have to get yourself there but there will be buses for delegates on site to take you immediately to the wells fargo
center. so you don't need to worry about coming back here. you can go straight from there to the floor. also, i would like to say, who had fun at the bake and bourbon last night? [applause] because you can thank melman, who is our sponsor for this breakfast this morning. let's give them a round of applause. [applause] okay, great, well i'm going to bring up gupta for a couple words from our sponsor and let the party keep going, so thank you, everybody. >> good morning. very energetic i'm told people partied i'm told to 3:30 in the morning. congratulations. it has been a great week with you all. we have really enjoyed everything from hearing the
wonderful speakers to the beer garden party overlooking liberty bell. and really appreciate all that you do every day to make virginia the communities our country better. we're representing the a government affairs firm in d.c. i have some of my colleagues here as well but in reality we're doing this because i'm also representing me. i am a resident of fairfax county. yeah. [applause] i have a small business, a coffee wine bar in louden county. bean bar, buy some coffee when you get home. i have two young children, fifth and 8th grade, getting incredibly solid education in the fairfax county schools. [applause] [shouting] and i'm a daughter of two immigrant parents who came over
in 1968. so i am the first person in my entire family tree born in the united states of america. [applause] thank you so much. i'm a proud american and i am incredibly proud to be a virginia democrat because of all of you. [applause] so, senator kaine, our next vice president, said some wonderful things yesterday but i thought, when he said the party gave him money and it probably felt like what pinocchio felt like when they told him he would be a real boy. you think about that. how we talk about money and role of money. what is is fate, validation, someone betting on you and it is somebody saying we want you to do more like this. that is the message we want to leave you with. melvin is doing this because we have faith in all of you. we love the partnership we have.
we want to do more of it. again, thank you, thank you. i also hope, given all the great things that you all do, you have an incredible federal delegation, incredit ab, you take moments today to soak it in. whether people go to the convention hall and take the time and logistical nightmare. nothing more democratic, right, than hearing from your leaders and participating in the process. what i have hope today on last day of convention, we all soak in the moment. we celebrate what we accomplished and look to the future where we're creating history. thank you. [applause] >> all right. good morning, everybody. >> good morning. okay, before we begin, i have one very special announcement to
make, we have, you know, everybody has, been a special participant here. but we have one person who has, worked really hard and what do you know, the day that, actually hillary clinton speaks and accepts this nomination, also happens to be delegate alfonso lopez's birthday. [applause] so, you know, alfonso -- ♪ happy birthday to you ♪ >> alfonso, stand up. ♪ happy birthday to you [applause] hasn't he done a great job equiping our delegation and keeping everything, the trains
running on time. so another shoutout to, thank you, alfonso, for being there on time every single day. helping us, make virginia look good. [applause] so, can't he believe this day is here but we have a great final day ahead of us. we have our special guest, minnesota senator amy klobuchar and her husband is with us this morning. [applause] we have our wonderful attorney general, mark herring and his wife laura with us. [applause] congressman done barr and meghan are with us. [applause] congressman gerry connelly is with us and i think his wife might be too. and our next congresswoman from the 10th congressional district, louann bennett.
[applause] now i know some of y'all are tired. for those of you who went to the open bar last night, it is called a party for a reason. but, you look pretty fresh this morning. i can't believe the first woman candidate ever nominated by a major political party will be formally accepting the nomination this evening. as a woman, and yes, donald trump i am playing the woman card, this is monument al. i never thought, i never thought i would see this day. to quote joe biden, it is a bfd. [applause] let me tell you. pretty simple.